09-13-2011 12:02 AM - edited 07-03-2021 08:45 PM
Hi there,
I am currently setting up a wireless controller which is to service several SSIDs which are mapped to physically separated LANs.
So far there has been no problem in doing the config.
However I discovered later that for each SSID a separate RADIUS server has to be queried, which are also in physically separated networks and where no routing exists/will exist.
Now my question is, if there is any possibility to somehow tell the WLC to use a different source interface in order to enable the usage of
RADIUS Server 1 on Network A for SSID A and to use
RADIUS Server 2 on Network B for SSID B.
Regards,
Patrick
09-13-2011 12:11 AM
Go to WLAN Edit page >> Layer 2 >> AAA servers >> Radius Server Priority >> Select whatever Radius Server you want to map to that WLAN.
Please don't forget to rate the useful posts!!
Regards
Surendra
09-13-2011 12:18 AM
Hi Surendra,
the selection of the RADIUS server is not the problem. My problem is the source interface the WLC takes in order to send the query to the server. It is always the Management interface.
If I would configure the management interface with an IP from Network A it will not be able to send the query to the RADIUS server in Network B since the networks themselves cannot see each other.
I would like to know if there is somehow a possibility to allow a different RADIUS source interface, e.g. allow a dynamic interface.
Regards,
Patrick
09-13-2011 12:59 AM
It's way past my bedtime. But wanted to throw this out there and maybe you could test it ... You can add routes in the WLC. But you would need a static coming back ...
I don't see any other way around it ... Cause you are right ... WLC uses the management address ...
09-13-2011 01:34 AM
I already considered the routing, when we ordered the WLC.
I should have added that it is a 2500 series controller, sorry. They don't support the routing feature.
Funnily, when connecting to the CLI I can issue the command show route summary.
To be honest, I cannot understand why it is not implemented.
10-24-2011 07:42 AM
I just stumbled upon what might be the solution in this case.
Under WLAN Edit page for a SSID under Security -> AAA Servers there is a checkbox called
"Radius Server Overwrite interface".
All RADIUS requests are sent out on the dynamic-interface this SSID is mapped to.
I'll test this and will get back with the results.
10-24-2011 09:27 AM
What code are you on ?
10-24-2011 09:26 AM
I am not all that surprised because the smaller WLCs lack some features, but I am surprised it doesn't support routing! LOL
10-25-2011 01:15 AM
I tested the feature and authentication requests via the dynamic-interface were successful when enabling this feature.
@George: We run the latest code 7.0.116.0, which must be the first where this feature got introduced. I don't recall seeing it in 7.0.98.0.
However the explanation of this feature is found in the documentation of WCS. Not a single mention in the WLC documentation.
Regarding the routing feature. I have tested it also on a 5508 WLC. As soon as you try to define a gateway, which is not in the service-port subnet you'll get an error, which is effectively the same problem.
But as the "Radius Server Overwrite interface" feature does exactly what I needed, this issue is solved.
10-25-2011 07:42 AM
The route commands on the WLC are for forcing traffic out of the service port. I wouldn't generally recommend using these unless you absolutely had to force traffic out the service-port to get OOB management working.
HTH,
Steve
----------------------------------------------------------------------------------------------------------
Please remember to rate helpful posts or to mark the question as answered so that it can be found later.
10-25-2011 08:25 AM
Is that right? So any static routes added in the WLC will go out the service port ?
10-25-2011 08:37 AM
Yes, sir.
It's been that way, as long as I can remember, which goes back to 3.2...god I feel old
HTH,
Steve